Man Who Hacked Yahoo in 2012 Sentenced to Two Years in Prison

Irony of the year: D33ds Company hacker sentenced to prison on the same day Yahoo admits to massive data breach

Nazariy Markuta, 23, of Harlesden, London, will spend the next two years in prison for hacking several companies, including Yahoo, as a member of the D33ds Company hacking crew.

A UK judge passed the sentence on Thursday, the same day Yahoo admitted to a massive data breach during which an unknown attacker stole details for 500 million users.

Yahoo blamed this incident on a “state-sponsored actor,” and said the intrusion took place in 2014.

Markuta hacked Yahoo! Voice in 2012

The incident Markuta was accused of happened in 2012 when the hacker and others breached servers belonging to the Yahoo! Voice service and stole the personal details of over 450,000 users.

The UK National Crime Agency (NCA) says Markuta used an SQL injection flaw to breach the servers and stole emails and passwords, which he later dumped online via his hacking outfit’s forum, where he was an administrator.

The data contained the 453,492 email addresses and plaintext passwords, and they were uploaded online in a document marked “Owned and Exposed.”

NCA said they also found thousands of credit and debit card records in Markuta’s possession after searching his house.

Markuta’s multiple prison sentences will run concurrently

A judge at Southwark Crown Court sentenced Markuta to a total of 11 years and three months in prison. The sentences will run concurrently, meaning the hacker will only serve a maximum of two years in prison.

Markuta pleaded guilty to two offenses under the Serious Crime Act 2007, three offenses under the Computer Misuse Act 1990, and three offenses under the Fraud Act 2006.

UK police and the FBI collaborated to track down Markuta, and they arrested him at his house in Harlesden in March 2015. His arrest was part of a series of 25 raids across England, Scotland, and Wales, during which police detained 57 members for various hacking offenses.